SSL could fail at any time

alarm

Whenever you talk about web security it isn’t long before you hit SSL. It’s one of the foundational security pieces we have. After the recent Comodo debacle you might be interested in how completely broken SSL really is. This is a great article from The Register.

It starts like this:
Analysis Every year or so, a crisis or three exposes deep fractures in the system that’s supposed to serve as the internet’s foundation of trust. In 2008, it was the devastating weakness in SSL, or secure sockets layer, certificates issued by a subsidiary of VeriSign. The following year, it was the minting of a PayPal credential that continued to fool Internet Explorer, Chrome and Safari browsers more than two months after the underlying weakness was exposed.

And ends with this great quote from Jeremiah Grossman, CTO of White Hat Security:
“It is definitely weak. It could fall down at anytime.”

Worth a read.

Posted by Carlton Duston on 14 Apr 2011 | 0 comments
Tagged with News, Opinion, None

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Node images can be embedded in this post. Format: [image:ID:TYPE:ALIGN:CAPTION]
    TYPE: thumb display logo
    ALIGN: left right center none
    CAPTION: <insert new> desc (image description) none
    Examples: [image:8:thumb:right:none] [image:12:display:none:Sunset]
  • You can use Textile markup to format text.
  • Adds typographic refinements.

More information about formatting options

4
Image CAPTCHA
Enter the characters shown in the image.